PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00
Code Issues Projects Releases Wiki Activity

Correct logic on checking for SHA1 certificate in ssl-enum-ciphers

Browse Source
This commit is contained in:
dmiller
2014-11-10 16:16:29 +00:00
parent 4e3baad093
commit c85bb0b54f
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/ssl-enum-ciphers.nse
View File

@@ -518,9 +518,11 @@ local function find_ciphers_group(host, port, protocol, group, scores)
scores.warnings["Insecure certificate signature: " .. string.upper(sigalg)] = true scores.warnings["Insecure certificate signature: " .. string.upper(sigalg)] = true
else else
sigalg = c.sig_algorithm:match("([sS][hH][aA]1)") sigalg = c.sig_algorithm:match("([sS][hH][aA]1)")
-- TODO: Update this when SHA-1 is deprecated in 2016 if sigalg then
-- kex_strength = 0 -- TODO: Update this when SHA-1 is deprecated in 2016
scores.warnings["Weak certificate signature: SHA1"] = true -- kex_strength = 0
scores.warnings["Weak certificate signature: SHA1"] = true
end
kex_strength = tls.rsa_equiv(kex.pubkey, c.pubkey.bits) kex_strength = tls.rsa_equiv(kex.pubkey, c.pubkey.bits)
extra = string.format("%s %d", kex.pubkey, c.pubkey.bits) extra = string.format("%s %d", kex.pubkey, c.pubkey.bits)
end end